We show how systems of session types can enforce interactions to be bounded for all typable processes.
The type system we propose is based on Lafont's soft linear logic and is strongly inspired
by recent works about session types as intuitionistic linear logic formulas. Our main result is the
existence, for every typable process, of a polynomial bound on the length of any reduction sequence
starting from it and on the size of any of its reducts.

1 Introduction 

Session types are one of the most successful paradigms around which communication can be disciplined 
in a concurrent or object-based environment. They can come in many different flavors, depending on the 
underlying programming language and on the degree of flexibility they allow when defining the structure 
of sessions. As an example, systems of session types for multi-party interaction have been recently
introduced [9], while a form of higher-order session has been shown to be definable [12]. Recursive
types, on the other hand, have been part of the standard toolset of session type theories since their
inception [SJ.

The key property induced by systems of session types is the following: if two (or more) processes 
can be typed with "dual" session types, then they can interact with each other without "going wrong", i.e. 
avoiding situations where one party needs some data with a certain type and the other(s) offer something 
of a different, incompatible type. Sometimes, one would like to go beyond that and design a type system 
which guarantees stronger properties, including quantitative ones. An example of a property that we 
find particularly interesting is the following: suppose that two processes P and Q interact by creating 
a session having type A through which they communicate. Is this interaction guaranteed to be finite? 
How long would it last? Moreover, P and Q could be forced to interact with other processes in order 
to be able to offer A. The question could then become: can the global amount of interaction be kept 
under control? In other words, one could be interested in proving the interaction induced by sessions to 
be bounded. This problem has been almost neglected by the research community in the area of session 
types, although it is the manifesto of the so-called implicit computational complexity (ICC), where one 
aims at giving machine-free characterizations of complexity classes based on programming languages 
and logical systems. 

Linear logic (LL in the following) was introduced twenty-five years ago by Jean-Yves Girard Q.
One of its greatest merits has been to allow a finer analysis of the computational content of both
intuitionistic and classical logic. In turn, this is possible by distinguishing multiplicative as well as additive
connectives, by an involutive notion of negation, and by giving a new status to structural rules allowing
them to be applicable only to modal formulas. One of the many consequences of this new, refined way
of looking at proof theory has been the introduction of natural characterizations of complexity classes
by fragments of linear logic. This is possible because linear logic somehow "isolates" complexity in
the modal fragment of the logic (which is solely responsible for the hyperexponential complexity of cut
elimination in, say, intuitionistic logic), which can then be restricted so as to get exactly the expressive
power needed to capture small complexity classes. One of the simplest and most elegant of those systems
is Lafont's soft linear logic (SLL in the following), which has been shown to correspond to polynomial
time in the realm of classical [10], quantum [6] and higher-order concurrent computation [5].

Recently, Caires and Pfenning [H have shown how a system of session types can be built around
intuitionistic linear logic, by introducing πDILL, a type system for the π-calculus where types and rules
are derived from the ones of intuitionistic linear logic. In their system, multiplicative connectives like $\otimes$
and $\multimap$ allow to model sequentiality in sessions, while the additive connectives $\&$ and $\oplus$ model external
and internal choice, respectively. The modal connective !, on the other hand, allows to model a server of
type !A which can offer the functionality expressed by A multiple times.

In this paper, we study a restriction of πDILL, called πDSLL, which can be thought of as being derived
from πDILL in the same way as SLL is obtained from LL. In other words, the operator ! behaves in πDSLL
in the same way as in SLL. The main result we prove about πDSLL is precisely about bounded interaction:
whenever P can be typed in πDSLL and $P \to^{n} Q$, then both n and $|Q|$ (the size of the process Q, to be
defined later) are polynomially related to $|P|$. This ensures an abstract but quite strong form of bounded
interaction. Another, perhaps more "interactive" formulation of the same result is the following: if P and
Q interact via a channel of type A, then the "complexity" of this interaction is bounded by a polynomial
on $|P| + |Q|$, whose degree only depends on A.

We see this paper as the first successful attempt to bring techniques from implicit computational 
complexity into the realm of session types. Although proving bounded interaction has been technically 
nontrivial, due to the peculiarities of the π-calculus, we think the main contribution of this work lies in
showing that bounded termination can be enforced by a natural adaptation of known systems of session
types. An extended version with more details is available [4].

2 πDILL, an Informal Account

In this section, we will outline the main properties of πDILL, a session type system recently introduced
by Caires and Pfenning HJUl. For more information, please consult the two cited papers.

In πDILL, session types are nothing more than formulas of (propositional) intuitionistic linear logic
without atoms but with (multiplicative) constants:

$$A ::= 1 \mid A \otimes A \mid A \multimap A \mid A \oplus A \mid A \,\&\, A \mid {!}A.$$

These types are assigned to channels (names) by a formal system deriving judgments in the form

$$\Gamma; \Delta \vdash P :: x : A,$$

where $\Gamma$ and $\Delta$ are contexts assigning types to channels, and P is a process of the name-passing
π-calculus. The judgment above can be read as follows: the process P acts on the channel x according to
the session type A whenever composed with processes behaving according to $\Gamma$ and $\Delta$ (each on a specific
channel). Informally, the various constructions on session types can be explained as follows:
• 1 is the type of an empty session channel. A process offering to communicate via a session channel
typed this way simply synchronizes with another process through it without exchanging anything.
This is meant to be an abstraction for all ground session types, e.g. natural numbers, lists, etc. In
linear logic, this is the unit for $\otimes$.

• $A \otimes B$ is the type of a session channel x through which a message carrying another channel with type
A is sent. After performing this action, the underlying process behaves according to B on the same
channel x.

• $A \multimap B$ is the adjoint to A on a channel with this type, a process communicates by first performing
an input and receiving a channel with type A, then acting according to B, again on x.

• $A \oplus B$ is the type of a channel on which a process either sends a special message inl and performs
according to A or sends a special message inr and performs according to B.

• The type $A \,\&\, B$ can be assigned to a channel x on which the underlying process offers the possibility
of choosing between proceeding according to A or to B, both on x. So, in a sense, $\&$ models external
choice.

• Finally, the type !A is attributed to a channel x only if a process can be replicated by receiving a
channel y through x, then behaving on y according to A.

The assignments in $\Gamma$ and $\Delta$ are of two different natures:

• An assignment of a type A to a channel x in $\Delta$ signals the need by P of a process offering a session of
type A on the channel x; for this reason, $\Delta$ is called the linear context;

• An assignment of a type A to a channel x in $\Gamma$, on the other hand, represents the need by P of a process
offering a session of type !A on the channel x; thus, $\Gamma$ is the exponential context.

Typing rules of πDILL are very similar to the ones of DILL, itself one of the many possible formulations of
linear logic as a sequent calculus. In particular, there are two cut rules, each corresponding to a different
portion of the context:

$$\frac{\Gamma; \Delta_1 \vdash P :: x : A \qquad \Gamma; \Delta_2, x : A \vdash Q :: T}{\Gamma; \Delta_1, \Delta_2 \vdash (\nu x)(P \mid Q) :: T} \qquad\qquad \frac{\Gamma; \emptyset \vdash P :: y : A \qquad \Gamma, x : A; \Delta \vdash Q :: T}{\Gamma; \Delta \vdash (\nu x)({!}x(y).P \mid Q) :: T}$$

Please observe how cutting a process P against an assumption in the exponential context requires to
"wrap" P inside a replicated input: this allows to turn P into a server.

In order to illustrate the intuitions above, we now give an example. Suppose that a process P models
a service which acts on x as follows: it receives two natural numbers, to be interpreted as the number and
secret code of a credit card and, if they correspond to a valid account, returns an MP3 file and a receipt
code to the client. Otherwise, the session terminates. To do so, P needs to interact with another service
(e.g. a banking service) Q through a channel y. The banking service, among others, provides a way to
verify whether a given number and code correspond to a valid credit card. In πDILL, the process P would
receive the type

$$\emptyset; y : (N \multimap 1 \oplus 1) \,\&\, A \vdash P :: x : N \multimap N \multimap (S \otimes N) \oplus 1,$$

where N and S are pseudo-types for natural numbers and MP3s, respectively. A is the type of all the
other functionalities Q provides. As an example, P could be the following process:

$$\begin{array}{l}
x(nm_1).x(cd_1).y.\mathtt{inl}; \\
(\nu nm_2)y\langle nm_2\rangle.(\nu cd_2)y\langle cd_2\rangle. \\
y.\mathtt{case}(x.\mathtt{inl};(\nu mp)x\langle mp\rangle.(\nu rp)x\langle rp\rangle,\ x.\mathtt{inr};0)
\end{array}$$

Observe how the credit card number and secret code forwarded to Q are not the ones sent by the client:
the flow of information happening inside a process is abstracted away in πDILL. Similarly, one can write
a process Q and assign it a type as follows: $\emptyset; \emptyset \vdash Q :: y : (N \multimap 1 \oplus 1) \,\&\, A$. Putting the two derivations
together, we obtain $\emptyset; \emptyset \vdash (\nu x)(P \mid Q) :: x : N \multimap N \multimap (S \otimes N) \oplus 1$.

Let us now make an observation which will probably be appreciated by the reader familiar with
linear logic. The processes P and Q can be typed in πDILL without the use of any exponential rule, nor
of cut. What allows to type the parallel composition $(\nu x)(P \mid Q)$, on the other hand, is precisely the cut
rule. The interaction between P and Q corresponds to the elimination of that cut. Since there isn't any
exponential around, this process must be finite, since the size of the underlying process shrinks at every
single reduction step. From a process-algebraic point of view, on the other hand, the finiteness of the
interaction is an immediate consequence of the absence of any replication in P and Q.

The banking service Q can only serve one single session and would vanish at the end of it. To make
it into a persistent server offering the same kind of session to possibly many different clients, Q must be
put into a replication, obtaining $R = {!}z(y).Q$. In R, the channel z can be given type ${!}((N \multimap 1 \oplus 1) \,\&\, A)$
in the empty context. The process P should be somehow adapted to be able to interact with R: before
performing the two outputs on y, it's necessary to "spawn" R by performing an output on z and passing
y to it. This way we obtain a process S such that

$$\emptyset; z : {!}((N \multimap 1 \oplus 1) \,\&\, A) \vdash S :: x : N \multimap N \multimap (S \otimes N) \oplus 1,$$

and the composition $(\nu z)(S \mid R)$ can be given the same type as $(\nu x)(P \mid Q)$. Of course, S could have used
the channel z more than once, initiating different sessions. This is meant to model a situation in which
the same client interacts with the same server by creating more than one session with the same type,
itself done by performing more than one output on the same channel. Of course, servers can themselves
depend on other servers. And these dependencies are naturally modeled by the exponential modality of
linear logic.

3 On Bounded Interaction 

In πDILL, the possibility of modeling persistent servers which in turn depend on other servers makes it
possible to type processes which exhibit a very complex and combinatorially heavy interactive behavior.
Consider the following processes, the first one parameterized on any $i \in \mathbb{N}$:

$$\begin{array}{l}
\mathit{dupser}_i = {!}x_i(y).(\nu z)x_{i+1}\langle z\rangle.(\nu w)x_{i+1}\langle w\rangle.; \\
\mathit{dupclient} = (\nu y)x_0\langle y\rangle.
\end{array}$$

In πDILL, these processes can be typed as follows:

$$\begin{array}{l}
\emptyset; x_{i+1} : {!}1 \vdash \mathit{dupser}_i :: x_i : {!}1; \\
\emptyset; x_0 : {!}1 \vdash \mathit{dupclient} :: z : 1.
\end{array}$$

Then, for every $n \in \mathbb{N}$ one can type the parallel composition $\mathit{mulser}_{n+1} = (\nu x_1 \ldots x_n)(\mathit{dupser}_n \mid \ldots \mid \mathit{dupser}_0)$
as follows

$$\emptyset; x_n : {!}1 \vdash \mathit{mulser}_n :: x_0 : {!}1.$$

Informally, $\mathit{mulser}_n$ is a persistent server which offers a session type 1 on a channel $x_0$, provided a server
with the same functionality is available on $x_n$. The process $\mathit{mulser}_n$ is the parallel composition of n
servers in the form $\mathit{dupser}_i$, each spawning two different sessions provided by $\mathit{dupser}_{i+1}$ on the same
channel $x_{i+1}$.

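The process $\mathit{mulser}_n$ cannot be further reduced. But notice that, once $\mathit{mulser}_n$ and $\mathit{dupclient}$ are
composed, the following exponential blowup is bound to happen:

$$\begin{array}{rl}
(\nu x_0)(\mathit{mulser}_n \mid \mathit{dupclient}) \equiv & (\nu x_0 \ldots x_n)(\mathit{dupser}_n \mid \ldots \mid \mathit{dupser}_0 \mid \mathit{dupclient}) \\
\to & (\nu x_0 \ldots x_n)(\mathit{dupser}_n \mid \ldots \mid \mathit{dupser}_0 \mid P_1) \\
\to^{*} & (\nu x_1 \ldots x_n)(\mathit{dupser}_n \mid \ldots) \\
\to^{*} & (\nu x_2 \ldots x_n)(\mathit{dupser}_n \mid \ldots) \\
 & \vdots \\
\to^{*} & (\nu x_n)(\mathit{dupser}_n \mid \underbrace{P_n \mid \ldots \mid P_n}_{\ldots\ \text{times}})
\end{array}$$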

Here, for every $i \in \mathbb{N}$ the process $P_i$ is simply $(\nu y)x_i\langle y\rangle.(\nu z)x_i\langle z\rangle.$ Notice that both the number of
reduction steps and the size of intermediate processes are exponential in n, while the size of the initial process
is linear in n. This is a perfectly legal process in πDILL. Moreover the type !1 of the channel $x_0$ through
which $\mathit{dupclient}$ and $\mathit{mulser}_n$ communicate does not contain any information about the "complexity" of
the interaction: it is the same for every n.

The deep reasons why this phenomenon can happen lie in the very general (and "generous") rules 
governing the behavior of the exponential modality ! in linear logic. It is this generality that allows the 
embedding of propositional intuitionistic logic into linear logic. Since the complexity of normalization 
for the former [13, 11] is nonelementary, the exponential blowup described above is not a surprise.

It would be desirable, on the other hand, to be sure that the interaction caused by any process P
is bounded: whenever $P \to^{n} Q$, then there's a reasonably low upper bound to both n and $|Q|$. This is
precisely what we achieve by restricting πDILL into πDSLL.

4 πDSLL: Syntax and Main Properties

In this section, the syntax of πDSLL will be introduced. Moreover, some basic operational properties will
be given.

4.1 The Process Algebra 

πDSLL is a type system for a fairly standard π-calculus, exactly the one on top of which πDILL is defined:

Definition 1 (Processes) Given an infinite set of names or channels $x, y, z, \ldots$, the set of processes is
defined as follows:

$$P ::= 0 \mid P \mid Q \mid (\nu x)P \mid x(y).P \mid x\langle y\rangle.P \mid {!}x(y).P \mid x.\mathtt{inl};P \mid x.\mathtt{inr};P \mid x.\mathtt{case}(P,Q)$$

The only non-standard constructs are the last three, which allow to define a choice mechanism: the
process $x.\mathtt{case}(P,Q)$ can evolve as P or as Q after having received a signal in the form inl or inr
through x. Processes sending such a signal through the channel x, then continuing like P are, respectively,
$x.\mathtt{inl};P$ and $x.\mathtt{inr};P$. The set of names occurring free in the process P (hereby denoted $fn(P)$) is defined
as usual. The same holds for the capture avoiding substitution of a name x for y in a process P (denoted
$P\{x/y\}$), and for α-equivalence between processes (denoted $\equiv_\alpha$).

Structural congruence is an equivalence relation identifying those processes which are syntactically 
different but can be considered equal for very simple structural reasons: 
Definition 2 (Structural Congruence) The relation $\equiv$, called structural congruence, is the least
congruence on processes satisfying the following seven axioms:

$$\begin{array}{ll}
P \equiv Q \text{ whenever } P \equiv_\alpha Q; & (\nu x)0 \equiv 0; \\
P \mid 0 \equiv P; & (\nu x)(\nu y)P \equiv (\nu y)(\nu x)P; \\
P \mid Q \equiv Q \mid P; & ((\nu x)P) \mid Q \equiv (\nu x)(P \mid Q) \text{ whenever } x \notin fn(Q); \\
P \mid (Q \mid R) \equiv (P \mid Q) \mid R. &
\end{array}$$

Formal systems for reduction and labelled semantics can be defined in a standard way. We refer the 
reader to HI for more details. 

A quantitative attribute of processes which is delicate to model in process algebras is their size: how 
can we measure the size of a process? In particular, it is not straightforward to define a measure which 
both reflects the "number of symbols" in the process and is invariant under structural congruence (this 
way facilitating all proofs). A good compromise is the following: 

Definition 3 (Process Size) The size $|P|$ of a process P is defined by induction on the structure of P as
follows:

$$\begin{array}{lll}
|0| = 0; & |x(y).P| = |P| + 1; & |x.\mathtt{inl};P| = |P| + 1; \\
|P \mid Q| = |P| + |Q|; & |x\langle y\rangle.P| = |P| + 1; & |x.\mathtt{inr};P| = |P| + 1; \\
|(\nu x)P| = |P|; & |{!}x(y).P| = |P| + 1; & |x.\mathtt{case}(P,Q)| = |P| + |Q| + 1.
\end{array}$$

According to the definition above, the empty process has null size, while restriction does not increase 
the size of the underlying process. This allows for a definition of size which remains invariant under 
structural congruence. The price to pay is the following: the "number of symbols" of a process P can be 
arbitrarily bigger than $|P|$ (e.g. for every $n \in \mathbb{N}$, $|(\nu x)^n P| = |P|$). However, we have the following:

Lemma 1 For every P, Q, $|P| = |Q|$ whenever $P \equiv Q$. Moreover, there is a polynomial p such that for
every P, there is Q with $P \equiv Q$ and the number of symbols in Q is at most $p(|Q|)$.



4.2 The Type System 

The language of types of πDSLL is exactly the same as the one of πDILL, and the interpretation of type
constructs does not change (see Section 2 for some informal details). Typing judgments and typing rules,
however, are significantly different, in particular, in the treatment of the exponential connective !.
Typing judgments become syntactical expressions in the form

$$\Gamma; \Delta; \Theta \vdash P :: x : A.$$



First of all, observe how the context is divided into three chunks now: $\Gamma$ and $\Delta$ have to be interpreted
as exponential contexts, while $\Theta$ is the usual linear context from πDILL. The necessity of having two
exponential contexts is a consequence of the finer, less canonical exponential discipline of SLL compared
to the one of LL. We use the following terminology: $\Gamma$ is said to be the auxiliary context, while $\Delta$ is the
multiplexor context.

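Typing rules are in Figure 1. The rules governing the typing constant 1, the multiplicatives ($\otimes$ and
$\multimap$) and the additives ($\oplus$ and $\&$) are exact analogues of the ones from πDILL. The only differences come
from the presence of two exponential contexts: in binary multiplicative rules ($\otimes R$ and $\multimap L$) the auxiliary
context is treated multiplicatively, while the multiplexor context is treated additively, as in πDILL¹.

$$\dfrac{\Gamma;\Delta;\Theta \vdash P :: T}{\Gamma;\Delta;\Theta, x : 1 \vdash P :: T}\ 1L \qquad \dfrac{}{\Gamma;\Delta;\emptyset \vdash 0 :: x : 1}\ 1R$$

$$\dfrac{\Gamma;\Delta;\Theta, y : A, x : B \vdash P :: T}{\Gamma;\Delta;\Theta, x : A \otimes B \vdash x(y).P :: T}\ \otimes L \qquad \dfrac{\Gamma_1;\Delta;\Theta_1 \vdash P :: y : A \quad \Gamma_2;\Delta;\Theta_2 \vdash Q :: x : B}{\Gamma_1,\Gamma_2;\Delta;\Theta_1,\Theta_2 \vdash (\nu y)x\langle y\rangle.(P \mid Q) :: x : A \otimes B}\ \otimes R$$

$$\dfrac{\Gamma_1;\Delta;\Theta_1 \vdash P :: y : A \quad \Gamma_2;\Delta;\Theta_2, x : B \vdash Q :: T}{\Gamma_1,\Gamma_2;\Delta;\Theta_1,\Theta_2, x : A \multimap B \vdash (\nu y)x\langle y\rangle.(P \mid Q) :: T}\ \multimap L \qquad \dfrac{\Gamma;\Delta;\Theta, y : A \vdash P :: x : B}{\Gamma;\Delta;\Theta \vdash x(y).P :: x : A \multimap B}\ \multimap R$$

$$\dfrac{\Gamma;\Delta;\Theta, x : A \vdash P :: T \quad \Gamma;\Delta;\Theta, x : B \vdash Q :: T}{\Gamma;\Delta;\Theta, x : A \oplus B \vdash x.\mathtt{case}(P,Q) :: T}\ \oplus L \qquad \dfrac{\Gamma;\Delta;\Theta \vdash P :: x : A}{\Gamma;\Delta;\Theta \vdash x.\mathtt{inl};P :: x : A \oplus B}\ \oplus R_1 \qquad \dfrac{\Gamma;\Delta;\Theta \vdash P :: x : B}{\Gamma;\Delta;\Theta \vdash x.\mathtt{inr};P :: x : A \oplus B}\ \oplus R_2$$

$$\dfrac{\Gamma;\Delta;\Theta, x : A \vdash P :: T}{\Gamma;\Delta;\Theta, x : A \,\&\, B \vdash x.\mathtt{inl};P :: T}\ \&L_1 \qquad \dfrac{\Gamma;\Delta;\Theta, x : B \vdash P :: T}{\Gamma;\Delta;\Theta, x : A \,\&\, B \vdash x.\mathtt{inr};P :: T}\ \&L_2 \qquad \dfrac{\Gamma;\Delta;\Theta \vdash P :: x : A \quad \Gamma;\Delta;\Theta \vdash Q :: x : B}{\Gamma;\Delta;\Theta \vdash x.\mathtt{case}(P,Q) :: x : A \,\&\, B}\ \&R$$

$$\dfrac{\Gamma;\Delta, x : A;\Theta, y : A \vdash P :: T}{\Gamma;\Delta, x : A;\Theta \vdash (\nu y)x\langle y\rangle.P :: T}\ b_\# \qquad \dfrac{\Gamma;\Delta;\Theta, y : A \vdash P :: T}{\Gamma, x : A;\Delta;\Theta \vdash (\nu y)x\langle y\rangle.P :: T}\ b_!$$

$$\dfrac{\Gamma;\Delta, x : A;\Theta \vdash P :: T}{\Gamma;\Delta;\Theta, x : {!}A \vdash P :: T}\ {!}L_\# \qquad \dfrac{\Gamma, x : A;\Delta;\Theta \vdash P :: T}{\Gamma;\Delta;\Theta, x : {!}A \vdash P :: T}\ {!}L_! \qquad \dfrac{\Gamma;\emptyset;\emptyset \vdash Q :: y : A}{\emptyset;\Delta;{!}\Gamma \vdash {!}x(y).Q :: x : {!}A}\ {!}R$$

$$\dfrac{\Gamma_1;\Delta;\Theta_1 \vdash P :: x : A \quad \Gamma_2;\Delta;\Theta_2, x : A \vdash Q :: T}{\Gamma_1,\Gamma_2;\Delta;\Theta_1,\Theta_2 \vdash (\nu x)(P \mid Q) :: T}\ \mathsf{cut} \qquad \dfrac{\emptyset;\emptyset;\emptyset \vdash P :: y : A \quad \Gamma;\Delta, x : A;\Theta \vdash Q :: T}{\Gamma;\Delta;\Theta \vdash (\nu x)({!}x(y).P \mid Q) :: T}\ \mathsf{cut}_\#$$

$$\dfrac{\Gamma_1;\emptyset;\emptyset \vdash P :: y : A \quad \Gamma_2, x : A;\Delta;\Theta \vdash Q :: T}{\Gamma_1,\Gamma_2;\Delta;\Theta \vdash (\nu x)({!}x(y).P \mid Q) :: T}\ \mathsf{cut}_!$$

Figure 1: Typing rules for πDSLL.

Now, consider the rules governing the exponential connective !, which are $b_!$, $b_\#$, ${!}L_!$, ${!}L_\#$ and ${!}R$: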

• The rules $b_!$ and $b_\#$ both allow to spawn a server. This corresponds to turning an assumption x : A in
the linear context into one y : A in one of the exponential contexts; in $b_\#$, x : A could be already present
in the multiplexor context, while in $b_!$ this cannot happen;

• The rules ${!}L_!$ and ${!}L_\#$ lift an assumption in the exponential contexts to the linear context; this requires
changing its type from A to !A;

• The rule ${!}R$ allows to turn an ordinary process into a server, by packaging it into a replicated input
and modifying its type.

¹ The reader familiar with linear logic and proof nets will recognize in the different treatment of the auxiliary and multiplexor
contexts, one of the basic principles of SLL: contraction is forbidden on the auxiliary doors of exponential boxes. The channel
names contained in the auxiliary context correspond to the auxiliary doors of exponential boxes, so we treat them
multiplicatively. The contraction effect induced by the additive treatment of the channel names in the multiplexor context corresponds to
the multiplexing rule of SLL.
Finally there are three cut rules in the system, namely $\mathsf{cut}$, $\mathsf{cut}_!$ and $\mathsf{cut}_\#$:

• $\mathsf{cut}$ is the usual linear cut rule, i.e. the natural generalization of the one from πDILL.

• $\mathsf{cut}_!$ and $\mathsf{cut}_\#$ allow to eliminate an assumption in one of the two exponential contexts. In both
cases, the process which allows to do that must be typable with empty linear and multiplexor contexts.

4.3 Back to Our Example 

Let us now reconsider the example processes introduced in Section 3. The basic building block over
which everything is built was the process $\mathit{dupser}_i = {!}x_i(y).(\nu z)x_{i+1}\langle z\rangle.(\nu w)x_{i+1}\langle w\rangle.$ We claim that for
every i, the process $\mathit{dupser}_i$ is not typable in πDSLL. To understand why, observe that the only way to
type a replicated input like $\mathit{dupser}_i$ is by the typing rule ${!}R$, and that its premise requires the body of
the replicated input to be typable with empty linear and multiplexor contexts. A quick inspection on the
typing rules reveals that every name in the auxiliary context occurs (free) exactly once in the underlying
process (provided we count two occurrences in the branches of a case as just a single occurrence).
However, the name $x_{i+1}$ appears twice in the body of $\mathit{dupser}_i$.

A slight variation on the example above, on the other hand, can be typed in πDSLL, but this requires
changing its type. See [4] for more details.
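
The following Python sketch is an added example, not code from the paper: it encodes the processes of Definition 1 as tuples, computes the size of Definition 3, replays the dupser/dupclient interaction of Section 3 to count reduction steps, and checks the occurrence condition used above to reject dupser. The tuple encoding, all function names, the explicit trailing 0 and the omission of the outer restrictions on the x_i are assumptions of the example; only name-passing communication is reduced.

```python
import itertools

# Constructed tuple encoding of the processes of Definition 1 (an assumption):
#   ("nil",)  ("par", P, Q)  ("new", x, P)  ("in", x, y, P)  ("out", x, y, P)
#   ("rep", x, y, P)  ("inl", x, P)  ("inr", x, P)  ("case", x, P, Q)
NIL = ("nil",)
_fresh = itertools.count()

def size(p):
    """|P| of Definition 3: 0 and restriction cost nothing, each prefix costs 1."""
    tag = p[0]
    if tag == "nil":
        return 0
    if tag == "par":
        return size(p[1]) + size(p[2])
    if tag == "case":
        return size(p[2]) + size(p[3]) + 1
    return size(p[-1]) + (0 if tag == "new" else 1)

def occurrences(p, name):
    """Free occurrences of name; the two branches of a case count once."""
    tag = p[0]
    if tag == "nil":
        return 0
    if tag == "par":
        return occurrences(p[1], name) + occurrences(p[2], name)
    if tag == "new":
        return 0 if p[1] == name else occurrences(p[2], name)
    here = int(p[1] == name) + int(tag == "out" and p[2] == name)
    if tag == "case":
        return here + max(occurrences(p[2], name), occurrences(p[3], name))
    if tag in ("in", "rep") and p[2] == name:
        return here
    return here + occurrences(p[-1], name)

def subst(p, new, old):
    """p{new/old} on free occurrences; assumes new is never used as a binder in p."""
    tag = p[0]
    if tag == "nil":
        return p
    if tag == "par":
        return ("par", subst(p[1], new, old), subst(p[2], new, old))
    if tag == "new":
        return p if p[1] == old else ("new", p[1], subst(p[2], new, old))
    subj = new if p[1] == old else p[1]
    if tag == "case":
        return ("case", subj, subst(p[2], new, old), subst(p[3], new, old))
    if tag in ("inl", "inr"):
        return (tag, subj, subst(p[2], new, old))
    if tag == "out":
        return ("out", subj, new if p[2] == old else p[2], subst(p[3], new, old))
    return (tag, subj, p[2], p[3] if p[2] == old else subst(p[3], new, old))

def flatten(p):
    """Parallel threads of p, hoisting each top-level restriction to a fresh name."""
    if p[0] == "nil":
        return []
    if p[0] == "par":
        return flatten(p[1]) + flatten(p[2])
    if p[0] == "new":
        return flatten(subst(p[2], f"#{next(_fresh)}", p[1]))
    return [p]

def run(p, max_steps=100_000):
    """Fire name-passing communications until stuck; return (steps, final size)."""
    soup, steps = flatten(p), 0
    while steps < max_steps:
        recv = {t[1]: t for t in soup if t[0] in ("in", "rep")}
        out = next((t for t in soup if t[0] == "out" and t[1] in recv), None)
        if out is None:
            break
        inp = recv[out[1]]
        soup.remove(out)
        if inp[0] == "in":          # a replicated input stays available
            soup.remove(inp)
        soup += flatten(out[3]) + flatten(subst(inp[3], out[2], inp[2]))
        steps += 1
    return steps, sum(size(t) for t in soup)

def dupser(i):
    """dupser_i: replicated input on x_i spawning two sessions on x_{i+1}, then 0."""
    nxt = f"x{i + 1}"
    body = ("new", "z", ("out", nxt, "z", ("new", "w", ("out", nxt, "w", NIL))))
    return ("rep", f"x{i}", "y", body)

DUPCLIENT = ("new", "y", ("out", "x0", "y", NIL))

def blowup(n):
    """(initial size, steps, final size) for dupser_{n-1} | ... | dupser_0 | dupclient."""
    p = DUPCLIENT
    for i in range(n):
        p = ("par", dupser(i), p)
    steps, final = run(p)
    return size(p), steps, final

def aux_used_once(server, aux_names):
    """Necessary condition for typing !x(y).Q: each auxiliary name occurs once in Q."""
    return all(occurrences(server[3], a) == 1 for a in aux_names)
```

With n servers the initial size is 3n + 1 while the run takes 2^n - 1 steps and ends at size 3n + 2^n; `aux_used_once(dupser(0), ["x1"])` is false because x1 occurs twice in the body.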

4.4 Subject Reduction 

A basic property most type systems for functional languages satisfy is subject reduction: typing is
preserved along reduction. For processes, this is often true for internal reduction: if $P \to Q$ and $\vdash P : A$, then
$\vdash Q : A$. In this section, a subject reduction result for πDSLL will be given and some ideas on the
underlying proof will be described. Some concepts outlined here will become necessary ingredients in the proof
of bounded interaction, to be done in Section 5 below. Subject reduction is proved by closely following
the path traced by Caires and Pfenning; as a consequence, we proceed quite quickly, concentrating our
attention on the differences with their proof.

When proving subject reduction, one constantly works with type derivations. This is particularly true
here, where (internal) reduction corresponds to the cut-elimination process. A linear notation for proofs
in the form of proof terms can be easily defined, allowing for more compact descriptions. As an example,
a proof in the form

$$\dfrac{\pi : \Gamma_1;\Delta;\Theta_1 \vdash P :: x : A \qquad \rho : \Gamma_2;\Delta;\Theta_2, x : A \vdash Q :: T}{\Gamma_1,\Gamma_2;\Delta;\Theta_1,\Theta_2 \vdash (\nu x)(P \mid Q) :: T}\ \mathsf{cut}$$

corresponds to the proof term $\mathsf{cut}(D, x.E)$, where D is the proof term for $\pi$ and E is the proof term for
$\rho$. If D is a proof term corresponding to a type derivation for the process P, we write D = P. From now
on, proof terms will often take the place of processes: $\Gamma;\Delta;\Theta \vdash D :: T$ stands for the existence of a type
derivation D with conclusion $\Gamma;\Delta;\Theta \vdash D :: T$. A proof term D is said to be normal if it does not contain
any instances of cut rules.

Subject reduction will be proved by showing that if P is typable by a type derivation D and $P \to Q$,
then a type derivation E for Q exists. Actually, E can be obtained by manipulating D using techniques
derived from cut-elimination. Noticeably, not every cut-elimination rule is necessary to prove subject
reduction. In other words, we are in the presence of a weak correspondence between proof terms and
processes, and remain far from a genuine Curry-Howard correspondence.

Those manipulations of proof-terms which are necessary to prove subject reduction can be classified 
as follows: 
• First of all, a binary relation $\Longrightarrow$ on proof terms called computational reduction can be defined. At
the logical level, this corresponds to proper cut-elimination steps, i.e. those cut-elimination steps
in which two rules introducing the same connective interact. At the process level, computational
reduction corresponds to internal reduction. $\Longrightarrow$ is not symmetric.

• A binary relation $\longmapsto$ on proof terms called shift reduction, distinct from $\Longrightarrow$, must be introduced. At
the process level, it corresponds to structural congruence. As $\Longrightarrow$, $\longmapsto$ is not a symmetric relation.

• Finally, an equivalence relation $\equiv$ on proof terms called proof equivalence is necessary. At the logical
level, this corresponds to the so-called commuting conversions, while at the process level, the induced
processes are either structurally congruent or strongly bisimilar.

The reflexive and transitive closure of $\longmapsto \cup \equiv$ is denoted with i.e. ^= $(\longmapsto \cup \equiv)^*$. There is
not enough space here to give the rules defining $\Longrightarrow$, $\longmapsto$ and $\equiv$. Let us give only some relevant
examples:

• Let us consider the proof term $D = \mathsf{cut}(\otimes R(F, G), x.\otimes L(x, y.x.H))$ which corresponds to the $\otimes$-case
of cut elimination. By a computational reduction rule, $D \Longrightarrow E = \mathsf{cut}(F, y.\mathsf{cut}(G, x.H))$. From
the process side, $D = (\nu x)(((\nu y)x\langle y\rangle.(F \mid G)) \mid x(y).H)$ and $E = (\nu x)(\nu y)((F \mid G) \mid H)$, where E is the
process obtained from D by internally passing the channel y through the channel x.

• Let $D = \mathsf{cut}({!}R(F, x_1, \ldots, x_n), x.{!}L_!(x.G))$ be the proof obtained by composing a proof F (whose last
rule is ${!}R$) with a proof G (whose last rule is ${!}L_!$) through a cut rule. A shift reduction rule tells us that
$D \longmapsto E = {!}L_!(x_1.{!}L_!(x_2. \ldots {!}L_!(x_n.\mathsf{cut}_!(F, y.G)) \ldots))$, which corresponds to the opening of a box in
SLL. The shift reduction does not have a corresponding reduction step at process level, since D = E;
nevertheless, it is defined as an asymmetric relation, for technical reasons connected to the proof of
bounded interaction.

• Let $D = \mathsf{cut}_\#(F, x.\mathsf{cut}(G, y.H))$. A defining rule for proof equivalence $\equiv$ states that in D the $\mathsf{cut}_\#$ rule
can be permuted over the cut rule, by duplicating F; namely $D \equiv E = \mathsf{cut}(\mathsf{cut}_\#(F, x.G), y.\mathsf{cut}_\#(F, x.H))$.
This is possible because the channel x belongs to the multiplexor contexts of both G and H, such
contexts being treated additively. At the process level, $D = (\nu x)(({!}x(y).F) \mid (\nu y)(G \mid H))$, while
$E = (\nu y)(((\nu x)({!}x(y).F) \mid G) \mid ((\nu x)({!}x(y).F) \mid H))$, D and E being strongly bisimilar.

Before proceeding to Subject Reduction, we give the following two lemmas, concerning structural
properties of the type system:

Lemma 2 (Weakening lemma) If $\Gamma;\Delta;\Theta \vdash D :: T$ then, whenever $\Delta \subseteq \Phi$, it holds that $\Gamma;\Phi;\Theta \vdash D :: T$.

Proof. By a simple induction on the structure of D. □

Lemma 3 (Lifting lemma) If $\Gamma;\Delta;\Theta \vdash D :: T$ then there exists an E such that $\emptyset;\Gamma,\Delta;\Theta \vdash E :: T$ where
E = D. We denote E by D^.

Proof. Again, a simple induction on the structure of the proof term D. □

Finally:

Theorem 1 (Subject Reduction) Let $\Gamma;\Delta;\Theta \vdash D :: T$. Suppose that $D = P \to Q$. Then there is E such
that E = Q, D ^^^ E and $\Phi;\Psi;\Theta \vdash E :: T$, where $\Gamma,\Delta = \Phi,\Psi$.

Let us give a sketch of the proof of Theorem 1. We reason by induction on the structure of D. Since
$D = P \to Q$ the only possible last rules of D can be: $1L$, ${!}L_!$, ${!}L_\#$, a linear cut ($\mathsf{cut}$) or an exponential cut
($\mathsf{cut}_!$ or $\mathsf{cut}_\#$). In all the other cases, the underlying process can only perform a visible action, as can be
easily verified by inspecting the rules from Figure 1. With this observation in mind, let us inspect the
operational semantics derivation proving that $P \to Q$. At some point we will find two subprocesses of P,
call them R and S, which communicate, causing an internal reduction. We here claim that this can only
happen in presence of a cut, and only the communication between R and S must occur along the channel
involved in the cut. Now, it's only a matter of showing that the just described situation can be "resolved"
preserving types. And this can be done by way of several lemmas, like the following:

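Lemma 4 Assume that:

1. $\Gamma_1;\Delta;\Theta_1 \vdash D :: x : A \otimes B$ with $D = P \xrightarrow{(\nu y)x\langle y\rangle} Q$;

2. $\Gamma_2;\Delta;\Theta_2, x : A \otimes B \vdash E :: z : C$ with $E = R \xrightarrow{x(y)} S$.

Then:

1. $\mathsf{cut}(D, x.E)$ ^=^"^ F for some F;

2. $\Gamma_1,\Gamma_2;\Delta;\Theta_1,\Theta_2 \vdash F :: z : C$, where $F = (\nu x)(Q \mid S)$.

The other lemmas can be found in pi]. By the way, this proof technique is very similar to the one
introduced by Caires and Pfenning UJ.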

5 Proving Polynomial Bounds 

In this section, we prove the main result of this paper, namely some polynomial bounds on the length
of internal reduction sequences and on the size of intermediate results for processes typable in πDILL.
In other words, interaction will be shown to be bounded. The simplest formulation of this result is the
following:

Theorem 2 For every type A, there is a polynomial $p_A$ such that whenever $\emptyset;\emptyset; x : A \vdash D :: y : 1$ and
$\emptyset;\emptyset;\emptyset \vdash E :: x : A$ where D and E are normal and $(\nu x)(D \mid E) \to^{n} P$, it holds that $n, |P| \leq p_A(|D| + |E|)$.

Intuitively, what Theorem 2 says is that the complexity of the interaction between two processes typable
without cuts and communicating through a channel with session type A is polynomial in their sizes,
where the specific polynomial involved only depends on A itself. In other words, the complexity of the
interaction is not only bounded, but can be somehow "read off" from the types of the communicating
parties.

What does the proof of Theorem 2 look like? Conceptually, it can be thought of as being structured
into four steps:

1. First of all, a natural number $\mathbb{W}(D)$ is attributed to any proof term D. $\mathbb{W}(D)$ is said to be the weight
of D.

2. Secondly, the weight of any proof term is shown to strictly decrease along computational reduction,
not to increase along shifting reduction and to stay the same for equivalent proof terms.

3. Thirdly, $\mathbb{W}(D)$ is shown to be bounded by a polynomial on $|D|$, where the exponent only depends
on the nesting depth of boxes of D, denoted $\mathbb{B}(D)$.

4. Finally, the box depth $\mathbb{B}(D)$ of any proof term D is shown to be "readable" from its type interface.

This is exactly what we are going to do in the rest of this section. Please observe how points 1-3 above
allow to prove the following stronger result, from which Theorem 2 easily follows, given point 4:

Proposition 1 For every $n \in \mathbb{N}$, there is a polynomial $p_n$ such that for every process P with $\Gamma;\Delta;\Theta \vdash P :: T$,
if $P \to^{m} Q$, then $m, |Q| \leq p_{\mathbb{B}(P)}(|P|)$.

5.1 Preliminary Definitions 

Some concepts have to be given before we can embark in the proof of Proposition 1. First of all, we
need to define what the box-depth of a process is. Simply, given a process P, its box-depth $\mathbb{B}(P)$ is the
nesting-level of replication in P. As an example, the box-depth of ${!}x(y).{!}z(w).0$ is 2, while the one of
$(\nu x)y\langle z\rangle$ is 0. Analogously, the box-depth of a proof term D is simply $\mathbb{B}(D)$.

Now, suppose that $\Gamma;\Delta;\Theta \vdash D :: T$ and that $x : A$ belongs to either $\Gamma$ or $\Delta$, i.e. that $x$ is an "exponential"
channel in $D$. A key parameter is the virtual number of occurrences of $x$ in $D$, which is denoted as
$\mathbb{FO}(x, D)$. This parameter, as its name suggests, is not simply the number of literal occurrences of $x$ in $D$,
but takes into account possible duplications derived from cuts. So, for example,
$\mathbb{FO}(w, \mathsf{cut}_!(D, x.E)) = \mathbb{FO}(x, E) \cdot \mathbb{FO}(w, D) + \mathbb{FO}(w, E)$, while $\mathbb{FO}(w, \otimes R(D, E))$ is merely
$\mathbb{FO}(w, D) + \mathbb{FO}(w, E)$. Obviously, $\mathbb{FO}(w, \flat_!(x, w.D)) = 1$ and $\mathbb{FO}(w, \flat_\#(x, w.D)) = 1$.

A channel in either the auxiliary or the exponential context can "float" to the linear context as an effect
of rules $!L_!$ or $!L_\#$. From that moment on, it can only be treated as a linear channel. As a consequence, it
makes sense to define the duplicability factor of a proof term $D$, written $\mathbb{D}(D)$, simply as the maximum
of $\mathbb{FO}(x, D)$ over all instances of the rules $!L_!$ or $!L_\#$ in $D$, where $x$ is the involved channel. For example,
$\mathbb{D}(!L_!(x.D)) = \max\{\mathbb{D}(D), \mathbb{FO}(y, D)\}$ and $\mathbb{D}(\multimap L(x, D, y.E)) = \max\{\mathbb{D}(D), \mathbb{D}(E)\}$.

It's now possible to give the definition of $\mathbb{W}(D)$, namely the weight of the proof term $D$. Before
doing that, however, it is necessary to give a parameterized notion of weight, denoted $\mathbb{W}_n(D)$. Intuitively,
$\mathbb{W}_n(D)$ is defined similarly to $|D|$. However, every input and output action in $D$ can possibly count for
more than one:

• Everything inside $D$ in $!R(x_1, \ldots, x_n, D)$ counts for $n$;

• Everything inside $D$ in either $\mathsf{cut}_!(D, x.E)$ or $\mathsf{cut}_\#(D, x.E)$ counts for $\mathbb{FO}(x, E)$.

For example, $\mathbb{W}_n(\mathsf{cut}_\#(D, x.E)) = \mathbb{FO}(x, E) \cdot \mathbb{W}_n(D) + \mathbb{W}_n(E)$, while $\mathbb{W}_n(\&L_2(x, y.D)) = 1 + \mathbb{W}_n(D)$.
Now, $\mathbb{W}(D)$ is simply $\mathbb{W}_{\mathbb{D}(D)}(D)$. The concepts we have just introduced are more precisely defined
in H.

5.2 Monotonicity Results 

The crucial ingredient for proving polynomial bounds is a series of results about how the weight of $D$
evolves when $D$ is put in relation with another proof term $E$ by way of either $\Longrightarrow$, $\longmapsto$ or $\equiv$. Whenever
a proof term $D$ computationally reduces to $E$, the underlying weight is guaranteed to strictly decrease:

Proposition 2 If $\Gamma;\Delta;\Theta \vdash D :: T$ and $D \Longrightarrow E$, then $\Phi;\Psi;\Theta \vdash E :: T$ (where $\Gamma,\Delta = \Phi,\Psi$), $\mathbb{D}(E) \le \mathbb{D}(D)$
and $\mathbb{W}(E) < \mathbb{W}(D)$.

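Proof. By induction on the proof that $D \Longrightarrow E$. Some interesting cases:

• Suppose that $D = \mathsf{cut}(\multimap R(y.F), x.\multimap L(x, G, x.H)) \Longrightarrow \mathsf{cut}(\mathsf{cut}(G, y.F), x.H) = E$. Then,

\begin{align*}
\mathbb{D}(D) &= \max\{\mathbb{D}(F), \mathbb{D}(G), \mathbb{D}(H)\} = \mathbb{D}(E); \\
\mathbb{W}(D) &= \mathbb{W}_{\mathbb{D}(D)}(D) = 3 + \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G) + \mathbb{W}_{\mathbb{D}(D)}(H) \\
&> 2 + \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{W}_{\mathbb{D}(E)}(G) + \mathbb{W}_{\mathbb{D}(E)}(H) = \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{align*}

• Suppose that $D = \mathsf{cut}(\&R(F, G), x.\&L_1(x, y.H)) \Longrightarrow \mathsf{cut}(F, x.H) = E$. Then,

\begin{align*}
\mathbb{D}(D) &= \max\{\mathbb{D}(F), \mathbb{D}(G), \mathbb{D}(H)\} = \mathbb{D}(E); \\
\mathbb{W}(D) &= \mathbb{W}_{\mathbb{D}(D)}(D) = 3 + \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G) + \mathbb{W}_{\mathbb{D}(D)}(H) \\
&> 2 + \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{W}_{\mathbb{D}(E)}(G) + \mathbb{W}_{\mathbb{D}(E)}(H) = \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{align*}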



¹ This terminology is derived from linear logic, where proofs obtained by the promotion rule are usually called boxes.

• Suppose that D = cut!(F,x.b!(x,y.G)) =^ cut(Fj^,y.cut#(F,x.Gjj.)) = E. Then,

B{D) = max{D(F^),D(G^)} = max{D(F),I])(F),D(G)} = D(E); 

(D)(D) = FO(x,b!(x,y.G))-WD(D)(F^)+WD(D)(b!(x,3;.G)) 

(D) (F) + WD(D)(b!(x,);.G)) = Wd(d)(F) + 1 + Wd(d)(G) 
(e)(F) + 1+Wd(e)(G) 

(E) (F) + Wb(e) (G) = Wb(e) (F) + • Wb(e) (F) + W„(e) (G) 
= Wd(e) (F) + FO(x, G) • Wd(e) (F) + Wd(e) (G) 

= Wd(e)(E) = W(E). 

• Suppose that 

D = cut#(F,x.b#(x,y.G)) cut(Fj|,);.cut#(F,x.G)) = E. 

Then we can proceed exactly as in the previous case. 
This concludes the proof. □ 

Shift reduction, on the other hand, is not guaranteed to induce a strict decrease on the underlying weight 
which, however, cannot increase: 

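Proposition 3 If $\Gamma;\Delta;\Theta \vdash D :: T$ and $D \longmapsto E$, then $\Gamma;\Delta;\Theta \vdash E :: T$, $\mathbb{D}(E) \le \mathbb{D}(D)$ and $\mathbb{W}(E) \le \mathbb{W}(D)$.

Proof. By induction on the proof that $D \longmapsto E$. Some interesting cases:

• Suppose that

\[
D = \mathsf{cut}(!R(x_1, \ldots, x_n, F), x.!L_!(x.G)) \longmapsto !L_!(x_1.!L_!(x_2.\cdots !L_!(x_n.\mathsf{cut}_!(F, y.G)))) = E.
\]

Then,

\begin{align*}
\mathbb{D}(D) &= \max\{\mathbb{D}(F), \mathbb{D}(G)\} = \mathbb{D}(E) \\
\mathbb{W}(D) &= \mathbb{W}_{\mathbb{D}(D)}(D) = \mathbb{D}(D) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G) \ge \mathbb{FO}(y, G) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G) \\
&= \mathbb{FO}(y, G) \cdot \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{W}_{\mathbb{D}(E)}(G) = \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{align*}

• Suppose that

\[
D = \mathsf{cut}(!R(x_1, \ldots, x_n, F), x.!L_\#(x.G)) \longmapsto !L_\#(x_1.!L_\#(x_2.\cdots !L_\#(x_n.\mathsf{cut}_\#(F, y.G)))) = E.
\]

Then we can proceed as in the previous case.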
This concludes the proof. □ 

Finally, equivalence leaves the weight unchanged: 

Proposition 4 If $\Gamma;\Delta;\Theta \vdash D :: T$ and $D \equiv E$, then $\Gamma;\Delta;\Theta \vdash E :: T$, $\mathbb{D}(E) = \mathbb{D}(D)$ and $\mathbb{W}(E)$ --

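Proof. By induction on the proof that $D \equiv E$. Some interesting cases:

• Suppose that

\[
D = \mathsf{cut}(F, x.\mathsf{cut}(G_x, y.H_y)) \equiv \mathsf{cut}(\mathsf{cut}(F, x.G_x), y.H_y) = E.
\]

Then:

\begin{align*}
\mathbb{D}(D) &= \max\{\mathbb{D}(F), \mathbb{D}(G_x), \mathbb{D}(H_y)\} = \mathbb{D}(E) \\
\mathbb{W}(D) &= \mathbb{W}_{\mathbb{D}(D)}(D) = \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G_x) + \mathbb{W}_{\mathbb{D}(D)}(H_y) \\
&= \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{W}_{\mathbb{D}(E)}(G_x) + \mathbb{W}_{\mathbb{D}(E)}(H_y) = \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{align*}

$\mathsf{cut}(G, x.\mathsf{cut}(F, y.H_{xy})) = E$.

$\mathsf{cut}_!(G, y.\mathsf{cut}(F, x.H_{xy})) = E$.

\begin{align*}
\mathbb{D}(D) &= \max\{\mathbb{D}(F), \mathbb{D}(G), \mathbb{D}(H_{xy})\} = \mathbb{D}(E) \\
\mathbb{W}(D) &= \mathbb{W}_{\mathbb{D}(D)}(D) = \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{FO}(y, H_{xy}) \cdot \mathbb{W}_{\mathbb{D}(D)}(G) + \mathbb{W}_{\mathbb{D}(D)}(H_{xy}) \\
&= \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{FO}(y, \mathsf{cut}(F, x.H_{xy})) \cdot \mathbb{W}_{\mathbb{D}(D)}(G) + \mathbb{W}_{\mathbb{D}(D)}(H_{xy}) \\
&= \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{FO}(y, \mathsf{cut}(F, x.H_{xy})) \cdot \mathbb{W}_{\mathbb{D}(E)}(G) + \mathbb{W}_{\mathbb{D}(E)}(H_{xy}) \\
&= \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{align*}

• Suppose that

\[
D = \mathsf{cut}_\#(F, x.\mathsf{cut}(G_x, y.H_{xy})) \equiv \mathsf{cut}(\mathsf{cut}_\#(F, x.G_x), y.\mathsf{cut}_\#(F, x.H_{xy})) = E.
\]

Then,

\begin{align*}
\mathbb{D}(D) &= \max\{\mathbb{D}(F), \mathbb{D}(G_x), \mathbb{D}(H_{xy})\} = \mathbb{D}(E) \\
\mathbb{W}(D) &= \mathbb{FO}(x, \mathsf{cut}(G_x, y.H_{xy})) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G_x) + \mathbb{W}_{\mathbb{D}(D)}(H_{xy}) \\
&= (\mathbb{FO}(x, G_x) + \mathbb{FO}(x, H_{xy})) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G_x) + \mathbb{W}_{\mathbb{D}(D)}(H_{xy}) \\
&= \mathbb{FO}(x, G_x) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{FO}(x, H_{xy}) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G_x) + \mathbb{W}_{\mathbb{D}(D)}(H_{xy}) \\
&= \mathbb{W}_{\mathbb{D}(D)}(\mathsf{cut}_\#(F, x.G_x)) + \mathbb{W}_{\mathbb{D}(D)}(\mathsf{cut}_\#(F, x.H_{xy})) \\
&= \mathbb{W}_{\mathbb{D}(D)}(E) = \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{align*}

This concludes the proof. □

Now, consider again the subject reduction theorem (Theorem 1): what it guarantees is that whenever
$P \to Q$ and $D = P$, there is $E$ with $E = Q$ and D ^=^^ E. In view of the three propositions we have
just stated and proved, it's clear that $\mathbb{W}(D) > \mathbb{W}(E)$. Altogether, this implies that $\mathbb{W}(D)$ is an upper bound
on the number of internal reduction steps $D$ can perform. But is $\mathbb{W}(D)$ itself bounded?

5.3 Bounding the Weight

What kind of bounds can we expect to prove for $\mathbb{W}(D)$? More specifically, how related are $\mathbb{W}(D)$ and
$|D|$?

Lemma 5 Suppose $\Gamma;\Delta;\Theta \vdash D :: T$. Then $\mathbb{D}(D) \le |D|$.

Proof. An easy induction on the structure of a type derivation $\pi$ for $\Gamma;\Delta;\Theta \vdash D :: T$. □

Lemma 6 If $\Gamma;\Delta;\Theta \vdash D :: T$, then for every $n \ge \mathbb{D}(D)$, $\mathbb{W}_n(D) \le |D| \cdot n^{\mathbb{B}(D)+1}$.

Proof. By induction on the structure of $D$. Some interesting cases:

• If $D = \mathsf{cut}_!(D, x.E)$, then:

\begin{align*}
\mathbb{W}_n(\mathsf{cut}_!(D, x.E)) &= \mathbb{FO}(x, E) \cdot (\mathbb{W}_n(D) + 1) + \mathbb{W}_n(E) \\
&\le \mathbb{FO}(x, E) \cdot (|D| \cdot n^{\mathbb{B}(D)+1} + 1) + |E| \cdot n^{\mathbb{B}(E)+1} \\
&\le n \cdot |D| \cdot n^{\mathbb{B}(D)+1} + n + |E| \cdot n^{\mathbb{B}(E)+1} \\
&\le |D| \cdot n^{\mathbb{B}(D)+2} + n^{\mathbb{B}(E)+1} + |E| \cdot n^{\mathbb{B}(E)+1} \\
&\le (|D| + |E| + 1) \cdot n^{\max\{\mathbb{B}(D)+2,\, \mathbb{B}(E)+1\}} \\
&= |\mathsf{cut}_!(D, x.E)| \cdot n^{\mathbb{B}(\mathsf{cut}_!(D, x.E))+1}.
\end{align*}

• If $D = {!R}(x_1, \ldots, x_n, E)$, then:

\begin{align*}
\mathbb{W}_n(!R(x_1, \ldots, x_n, E)) &= n \cdot (\mathbb{W}_n(E) + 1) \\
&\le n \cdot |E| \cdot n^{\mathbb{B}(E)+1} + n \\
&\le |E| \cdot n^{\mathbb{B}(E)+2} + n^{\mathbb{B}(E)+2} \\
&= (1 + |E|) \cdot n^{\mathbb{B}(!R(x_1, \ldots, x_n, E))+1} \\
&= |!R(x_1, \ldots, x_n, E)| \cdot n^{\mathbb{B}(!R(x_1, \ldots, x_n, E))+1}.
\end{align*}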

This concludes the proof. □ 



5.4 Putting Everything Together 

We now have almost all the necessary ingredients to obtain a proof of Proposition 1: the only missing
pieces are the bounds on the size of any reducts, since the polynomial bounds on the length of internal
reductions are exactly the ones from Lemma 6. Observe, however, that the latter induces the former:

Lemma 7 Suppose that $P \to^n Q$. Then $|Q| \le n \cdot |P|$.

Proof. By induction on $n$, enriching the statement as follows: whenever $P \to^n Q$, both $|Q| \le n \cdot |P|$ and
$|R| \le |P|$ for every subprocess $R$ of $Q$ in the form $!x(y).S$. □
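
The chain of inequalities behind the bound on reduction length can be spelled out as follows; this derivation is added here and is not part of the original text. It reads Lemma 5 as $\mathbb{D}(D) \le |D|$, instantiates Lemma 6 at $n = \mathbb{D}(D)$, and writes $m$ for the number of internal reduction steps performed by the process of the proof term $D$, each of which strictly decreases the weight:

\begin{align*}
m \le \mathbb{W}(D) &= \mathbb{W}_{\mathbb{D}(D)}(D) && \text{(definition of } \mathbb{W}\text{)} \\
&\le |D| \cdot \mathbb{D}(D)^{\mathbb{B}(D)+1} && \text{(Lemma 6 with } n = \mathbb{D}(D)\text{)} \\
&\le |D| \cdot |D|^{\mathbb{B}(D)+1} = |D|^{\mathbb{B}(D)+2} && \text{(Lemma 5)}
\end{align*}

By Lemma 7, a reduct $Q$ reached from $P$ in $m$ steps then satisfies $|Q| \le m \cdot |P| \le |D|^{\mathbb{B}(D)+2} \cdot |P|$, so both quantities are bounded by polynomials whose degree depends only on the box-depth.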

Let us now consider Theorem 2: how can we deduce it from Proposition 1? Everything boils down to
showing that for normal processes, the box-depth can be read off from their type. In the following lemma,
$\mathbb{B}(A)$ and $\mathbb{B}(\Gamma)$ are the nesting depths of ! inside the type $A$ and inside the types appearing in $\Gamma$ (for every
type $A$ and context $\Gamma$).

Lemma 8 Suppose that $\Gamma;\Delta;\Theta \vdash D :: x : A$ and that $D$ is normal. Then
$\mathbb{B}(D) = \max\{\mathbb{B}(\Gamma), \mathbb{B}(\Delta), \mathbb{B}(\Theta), \mathbb{B}(A)\}$.

Proof. An easy induction on D. □ 



6 Conclusions 

In this paper, we introduced a variation on Caires and Pfenning's πDILL, called πDSLL, being inspired
by Lafont's soft linear logic. The key feature of πDSLL is the fact that the amount of interaction induced
by allowing two processes to interact with each other is bounded by a polynomial whose degree can be
"read off" from the type of the session channel through which they communicate.

What we consider the main achievement of this paper is definitely not the proof of these polynomial
bounds, which can be obtained by adapting the ones in [6] or in fSl, although this anyway presents some
technical difficulties due to the low-level nature of the π-calculus compared to the lambda calculus or
to higher-order π-calculus. Instead, what we found very interesting is that the operational properties
induced by typability in πDSLL, bounded interaction in primis, are not only very interesting and useful in
practice, but different from the ones obtained in soft lambda calculi: in the latter, it's the normalization
time which is bounded, while here it's the interaction time. Another aspect that we find interesting is
the following: it seems that the constraints on processes induced by the adoption of the more stringent
typing discipline πDSLL, as opposed to πDILL, are quite natural and do not rule out too many interesting
examples. In particular, the way sessions can be defined remains essentially untouched: what changes is
the way sessions can be offered, i.e. the discipline governing the offering of multiple sessions by servers.
All the examples in [1] and the one from Section 2 are indeed typable in πDSLL.

Topics for future work include the accommodation of recursive types into πDSLL. This could be
easier than expected, due to the robustness of light logics to the presence of recursive types 1,3,1 .